Initial support for certificate policy checking and evaluation.

This is currently *very* experimental and needs to be more fully integrated with the main verification code.
author: Dr. Stephen Henson <steve@openssl.org> 2004-03-23 14:14:35 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2004-03-23 14:14:35 +0000
commit: 4acc3e907d29d8d61ae7e11ad7985a986332a1c1 (patch)
tree: 97b0e178ea69ae6786e979d62cc480180c7431af /crypto/asn1/x_x509.c
parent: 9449e38504dea3e1500cd58f40c1b2b904ef843d (diff)
download: openssl-4acc3e907d29d8d61ae7e11ad7985a986332a1c1.zip
openssl-4acc3e907d29d8d61ae7e11ad7985a986332a1c1.tar.gz
openssl-4acc3e907d29d8d61ae7e11ad7985a986332a1c1.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index f71ba26..eff2290 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -79,6 +79,8 @@ ASN1_SEQUENCE(X509_CINF) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 /* X509 top level structure needs a bit of customisation */
 
+extern void policy_cache_free(X509_POLICY_CACHE *cache);
+
 static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	X509 *ret = (X509 *)*pval;
@@ -106,6 +108,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 		X509_CERT_AUX_free(ret->aux);
 		ASN1_OCTET_STRING_free(ret->skid);
 		AUTHORITY_KEYID_free(ret->akid);
+		policy_cache_free(ret->policy_cache);
 
 		if (ret->name != NULL) OPENSSL_free(ret->name);
 		break;
author	Dr. Stephen Henson <steve@openssl.org>	2004-03-23 14:14:35 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2004-03-23 14:14:35 +0000
commit	4acc3e907d29d8d61ae7e11ad7985a986332a1c1 (patch)
tree	97b0e178ea69ae6786e979d62cc480180c7431af /crypto/asn1/x_x509.c
parent	9449e38504dea3e1500cd58f40c1b2b904ef843d (diff)
download	openssl-4acc3e907d29d8d61ae7e11ad7985a986332a1c1.zip openssl-4acc3e907d29d8d61ae7e11ad7985a986332a1c1.tar.gz openssl-4acc3e907d29d8d61ae7e11ad7985a986332a1c1.tar.bz2